[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based on the original LD_PRELOAD technique
from the Jynx rootkit: a shared library is loaded ahead of libc (via
LD_PRELOAD or /etc/ld.so.preload), so the dynamic linker resolves calls
to libc functions to the library's own copies first, and those copies can
filter what the calls return. Azazel is more robust than Jynx, has
additional features, and focuses heavily on anti-debugging and
anti-detection.

Features

- Anti-debugging
- Avoids unhide, lsof, ps and ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept() backdoors with full PTY shells:
  - Crypthook-encrypted accept() backdoor
  - Plaintext accept() backdoor
- PAM backdoor for local privesc and remote entry
- Log cleanup for utmp/wtmp entries based on pty
- Uses XOR to obfuscate static strings
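As an added illustration of the LD_PRELOAD hooking that the hiding features above rest on, and of the check a defender can run against it, here is a C program written for this page (it is not Azazel's or Jynx's code). It defines its own readdir() that drops every directory entry whose name starts with an assumed marker, HIDE_PREFIX, then counts the same directory once through readdir() and once through the raw getdents64 syscall, which no userland hook can intercept. The marker string, the scratch directory under /tmp and the helper names are all assumptions for the example. The hook lives in the executable itself rather than in a preloaded .so so that the file builds and runs on its own; the symbol-resolution trick is the same one a preloaded library relies on, because in both cases the hooking object is searched before libc.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                       /* RTLD_NEXT in <dlfcn.h> */
#endif
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)          /* glibc's value; fallback only */
#endif

#define HIDE_PREFIX "__hidden_"           /* assumed marker, not Azazel's */

typedef struct dirent *(*readdir_fn)(DIR *);

/* The hook: a readdir in an object searched before libc (an LD_PRELOADed
 * library, or here the executable) is what every libc listing calls.  It
 * reaches the real readdir via RTLD_NEXT and skips HIDE_PREFIX names. */
struct dirent *readdir(DIR *dirp)
{
    static readdir_fn real_readdir;
    struct dirent *ent;

    if (!real_readdir && !(real_readdir = (readdir_fn) dlsym(RTLD_NEXT, "readdir")))
        abort();
    while ((ent = real_readdir(dirp)) != NULL)
        if (strncmp(ent->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) != 0)
            return ent;                   /* matching names are dropped */
    return NULL;
}

/* The check: getdents64 record as the kernel writes it (not in glibc headers). */
struct raw_dirent64 {
    uint64_t       d_ino;
    int64_t        d_off;
    unsigned short d_reclen;
    unsigned char  d_type;
    char           d_name[];
};

/* Entry count as libc's readdir reports it (the hook sits in this path). */
int count_via_readdir(const char *path)
{
    DIR *d = opendir(path);
    int n = 0;
    if (!d) return -1;
    while (readdir(d) != NULL) n++;
    closedir(d);
    return n;
}

/* Entry count straight from the kernel, bypassing readdir entirely. */
int count_via_getdents64(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    char buf[4096];
    long nread;
    int n = 0;
    if (fd < 0) return -1;
    while ((nread = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < nread; n++)
            off += ((struct raw_dirent64 *) (buf + off))->d_reclen;
    close(fd);
    return nread == 0 ? n : -1;
}

/* Kernel count minus libc count: 0 on a clean system, >0 when a userland
 * readdir hook is dropping names, -1 on error. */
int hidden_entry_count(const char *path)
{
    int via_libc = count_via_readdir(path), via_kernel = count_via_getdents64(path);
    return (via_libc < 0 || via_kernel < 0) ? -1 : via_kernel - via_libc;
}

/* Constructed demo input: scratch dir with one plain and one HIDE_PREFIX file.
 * create=1 builds it, create=0 removes it; returns the (static) path. */
const char *demo_dir(int create)
{
    static char dir[64];
    static const char *names[] = { "visible.txt", HIDE_PREFIX "secret.txt" };
    char file[128];

    snprintf(dir, sizeof dir, "/tmp/preload_demo_%ld", (long) getpid());
    if (create) mkdir(dir, 0700);
    for (int i = 0; i < 2; i++) {
        snprintf(file, sizeof file, "%s/%s", dir, names[i]);
        if (create) close(open(file, O_WRONLY | O_CREAT, 0600));
        else unlink(file);
    }
    if (!create) rmdir(dir);
    return dir;
}
```

To try it, add a main() that calls demo_dir(1), prints the three counts for the returned path and then calls demo_dir(0); build with cc (add -ldl on glibc older than 2.34). readdir() reports three entries (., .. and visible.txt), getdents64 reports four, so hidden_entry_count() returns 1. Two caveats for anyone turning the check into real tooling: syscall() is itself a libc function and can be hooked by the same preload, so a serious detector issues the syscall from inline assembly or is linked statically; and the comparison is only as trustworthy as the path that bypasses libc, so run it from a binary the suspect environment did not get to influence.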

As with anything of this nature, it is recommended that you read the
source code and run it only in a safe, isolated environment. But if I
have to emphasise things like that, this is probably the wrong site for
you.